Qualys Revamps Managed Security Platform with Java Back-End

Qualys unveiled its second-generation security-as-a-service platform that uses Java and a number of open-source technologies. The company also announced a new open-source application firewall project.

Qualys overhauled its
managed-security service with open-source components and virtualization
technologies to launch QualysGuard IT, its second-generation cloud-based
managed-security service.
Qualys will be demonstrating
the new security and compliance
platform during the RSA Conference in San Francisco from Feb. 14 to 18.

The company spent two years
completely re-architecting the security-as-a-service platform to run with a
Java back-end and open-source technologies, according to Phillipe Courtot,
chairman and CEO for Qualys. The new platform uses Apache Solr for clustered
data indexing and tagging, and technology from Terracotta and Ehcache for
Web-scale application clustering.

The company also implemented
a customizable reporting engine using BIRT (Business Intelligence and Reporting
Tools), which can output reports in a variety of formats, including CSV, DOC,
XLS, PDF, XML and PPT. The Eclipse Foundation maintains the BIRT project.
Despite the extensive
modifications under the hood, the changes are entirely transparent to QualysGard
customers under the SAAS model, said Courtot.
The new QualysGuard IT is
aimed at making it easy for IT managers to spot anomalies and to figure out
whether there is a security issue. The simplified user interface targets
smaller businesses that are less likely to have an in-house security team but
face the same kind of threats as a large enterprise, Qualys said.
The new framework ties
together all Qualys IT
security and compliance applications, platform services and engines for
reporting, collaboration, remediation, risk calculating and alerts along with
the security and compliance data collected from the customer, according to
Courtot. With the new platform, customers get prioritized job management,
modular services to ensure uptime and performance, and dynamic analysis and
reporting capabilities, the company said.
Customers can also search
across several Qualys data sets, including scan results, asset data, scan
profiles, users and vulnerabilities. The revamped user interface has dynamic
and interactive interfaces, wizards and new reporting templates to help present
scan data in a useful manner, Qualys said.
With more customers moving
to the cloud and adopting virtualization, Qualys announced virtualized scanners
with the same capabilities as its existing line of hardware-based scanners.
These scanners work with the QualysGuard IT platform to collect network data.
The virtual scanners will run under VMware, Xen and Hyper-V, and can be managed
via a Web interface along with all the data they collect, the company said.
The virtual appliances will
be rolled out in multiple phases to support different environments, beginning
with a version for Amazon EC2 (Elastic Compute Cloud) in March. Versions for
Amazon Virtual Private Cloud and a "consultant version" to run on a laptop via
the VMware console will be available in June. An enterprise version for data
centers running centralized-management systems such as VMware vSphere will
follow in September, Qualys said.
The Amazon EC2 Virtual
Scanner will be bundled with the QualysGuard subscription while the other
virtual scanner appliances will be priced at $995.
Qualys also announced IronBee, an open-source cloud-based WAF
(Web Application Firewall) it is developing as a joint collaboration with
Akamai. IronBee examines HTTP traffic to evaluate data and code as they pass
through the network to trap attacks such as cross-side scripting and embedded
JavaScript, according to the project's page. IronBee can either block the
traffic outright, or modify it to neutralize the threat. Released under the
Apache version 2 license, the source code is available from its Github repository.
The team behind IronBee also
worked on an earlier open-source WAF project, ModSecurity, Qualys said.